CAN/CSA-ISO/IEC 27013:16
Current
The latest, up-to-date edition.
Information technology - Security techniques - Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 (Adopted ISO/IEC 27013:2015, second edition, 2015-12-01)
Hardcopy , PDF
English
01-01-2016
Important note : All end users must be registered with an Account prior to user licenses being assigned.
Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
4 Overviews of ISO/IEC 27001 and ISO/IEC 20000-1
5 Approaches for integrated implementation
6 Integrated implementation considerations
Annex A (informative) - Correspondence between ISO/IEC 27001
and ISO/IEC 20000-1
Annex B (informative) - Comparison of ISO/IEC 27000 and
ISO/IEC 20000-1 terms
Bibliography
Specifies guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for those organizations that are intending to either: a) implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa; b) implement both ISO/IEC 27001 and ISO/IEC 20000-1 together, or; and c) integrate existing management systems based on ISO/IEC 27001 and ISO/IEC 20000-1.
| DocumentType |
Standard
|
| ISBN |
978-1-4883-0600-6
|
| Pages |
0
|
| PublisherName |
Canadian Standards Association
|
| Status |
Current
|
| Supersedes |
Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 27013" throughout. This Standard supersedes CAN/CSA-ISO/IEC 27013:15 (adopted ISO/IEC 27013:2012). At the time of publication, ISO/IEC 27013:2015 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC. Scope This International Standard provides guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for those organizations that are intending to either a) implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa b) implement both ISO/IEC 27001 and ISO/IEC 20000-1 together, or c) integrate existing management systems based on ISO/IEC 27001 and ISO/IEC 20000-1. This International Standard focuses exclusively on the integrated implementation of an information security management system (ISMS) as specified in ISO/IEC 27001 and a service management system (SMS) as specified in ISO/IEC 20000-1. In practice, ISO/IEC 27001 and ISO/IEC 20000-1 can also be integrated with other management system standards, such as ISO 9001 and ISO 14001.
| Standards | Relationship |
| ISO/IEC 27013:2015 | Identical |
| ISO/IEC TR 20000-5:2013 | Information technology Service management Part 5: Exemplar implementation plan for ISO/IEC 20000-1 |
| ISO 19011:2011 | Guidelines for auditing management systems |
| ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
| ISO/IEC TR 90006:2013 | Information technology Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC 20000-1:2011 |
| ISO/IEC 27003:2017 | Information technology — Security techniques — Information security management systems — Guidance |
| ISO/IEC 27004:2016 | Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation |
| ISO 31000:2009 | Risk management Principles and guidelines |
| ISO/IEC 27006:2015 | Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems |
| ISO/IEC 27014:2013 | Information technology Security techniques Governance of information security |
| ISO/IEC 27002:2013 | Information technology Security techniques Code of practice for information security controls |
| ISO/IEC TR 20000-9:2015 | Information technology Service management Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services |
| ISO/IEC TR 20000-4:2010 | Information technology Service management Part 4: Process reference model |
| ISO/IEC 27010:2015 | Information technology Security techniques Information security management for inter-sector and inter-organizational communications |
| ISO/IEC 20000-1:2011 | Information technology Service management Part 1: Service management system requirements |
| ISO/IEC 20000-2:2012 | Information technology Service management Part 2: Guidance on the application of service management systems |
| ISO/IEC 20000-3:2012 | Information technology Service management Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 |
| ISO/IEC 27005:2011 | Information technology Security techniques Information security risk management |
| ISO 9000:2015 | Quality management systems — Fundamentals and vocabulary |
| ISO/IEC TR 27008:2011 | Information technology Security techniques Guidelines for auditors on information security controls |
| ISO/IEC TS 15504-8:2012 | Information technology Process assessment Part 8: An exemplar process assessment model for IT service management |
| ISO/IEC 27007:2017 | Information technology Security techniques Guidelines for information security management systems auditing |
| ISO/IEC 27000:2016 | Information technology Security techniques Information security management systems Overview and vocabulary |
| ISO/IEC TR 20000-10:2015 | Information technology Service management Part 10: Concepts and terminology |
| ISO Guide 73:2009 | Risk management — Vocabulary |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.